Launch HN: Freestyle – Sandboxes for Coding Agents
Technology & Performance
- Freestyle offers hardware-virtualized Linux VMs (microVMs), not containers, with support for systemd, Docker-in-Docker, eBPF, nested virtualization, K8s (e.g., K3s), etc.
- Core feature: memory + disk forking using copy-on-write so fork time is ~O(1) w.r.t. VM size and number of forks. Median ~320 ms, advertised as <500 ms with a goal of ~200 ms.
- Disk snapshots are separate and slower (2–4 s pause) due to I/O; forking is designed to avoid that interruption.
- Forking is node-local; live moving VMs across machines at similar speeds is not yet possible.
- The system is built on custom VMM work and runs on large bare-metal nodes; hot RAM scaling requires a restart; hot-plug is a possible future feature.
- Claims that layer management for forks/snapshots is atomic; partial or corrupted fork state is said to be impossible, though the implementation is relatively new.
Use Cases & Value Proposition
- Main pitch: instant, fully isolated “computers for agents,” especially coding agents.
- Forking enables exploring multiple solution paths or UI flows in parallel, testing variants from the exact same complex in-memory state (e.g., databases, browsers, long-running services).
- Snapshotting/forking support deterministic debugging of rare edge cases and long-running agents.
- Built-in multi-tenant git hosting aims to let platforms give each sandbox its own repo and manage thousands of repos via API.
Security & Isolation
- Emphasis that containers are not as isolated as microVMs for untrusted code; microVMs protect against kernel-level attacks and allow full kernel features.
- Prompt injection is not solved; the design goal is to constrain blast radius by treating the VM as untrusted and minimizing credentials inside it.
- Supports multiple Linux users, external proxies, and an upcoming secrets-injection layer to keep keys off the VM while still enabling outbound access.
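One way to picture the secrets-injection idea above, as an added sketch that is not Freestyle's implementation or API: an egress proxy outside the VM allowlists destinations, discards any credential headers the sandbox sets, attaches the real key itself, and scrubs it from responses. The host name, key value, and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed policy, held by the proxy outside the VM; host and key are placeholders.
POLICY = {"api.example.test": ("Authorization", "Bearer PLACEHOLDER-REAL-KEY")}
# Credential-bearing headers the untrusted VM is never allowed to set itself.
STRIP = {"authorization", "proxy-authorization", "cookie", "x-api-key"}


class Denied(Exception):
    """Raised when an outbound request from the sandbox violates egress policy."""


def rewrite_outbound(url, headers, policy=POLICY):
    """Return the headers to forward upstream, or raise Denied."""
    try:
        parts = urlsplit(url)
        port = parts.port  # accessing .port validates it and may raise ValueError
    except ValueError as exc:
        raise Denied(f"malformed URL: {exc}")
    if parts.scheme != "https":
        raise Denied("only https egress is allowed")
    if parts.username is not None or parts.password is not None:
        raise Denied("userinfo in URL is not allowed")
    if port not in (None, 443):
        raise Denied("non-standard port")
    host = (parts.hostname or "").lower().rstrip(".")
    if host not in policy:  # exact match only: no suffix or substring matching
        raise Denied(f"host not allowlisted: {host!r}")
    name, secret = policy[host]
    # Drop whatever credentials the sandbox supplied, then attach the real one.
    clean = {k: v for k, v in headers.items() if k.lower() not in STRIP}
    clean[name] = secret
    return clean


def scrub_response(body, policy=POLICY):
    """Redact injected secrets from a response body before it re-enters the VM."""
    for _, secret in policy.values():
        body = body.replace(secret, "[REDACTED]")
    return body
```

The exact-host match and the userinfo check are what keep a prompt-injected agent from steering the injected key to a look-alike destination; the response scrub covers upstreams that echo request headers back.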
Pricing, Target Users & Alternatives
- Target audience is platforms and companies building their own agent products, not hobbyists. Pricing is usage-based; free tier has no long-term persistence.
- Some commenters find costs and monthly estimates unclear and prefer simpler fixed plans from developer-focused services.
- Several comparisons were requested to Modal, Daytona, E2B, Vercel, Fly.io Sprites, Cloudflare, and exe.dev; the thread notes Freestyle focuses on “EC2-like” power, forking, snapshots, and full-VM semantics, while others are seen as lighter sandboxes or more individual-developer–oriented.
Reception, Critiques & Open Questions
- Many are impressed by sub-second forking of full-memory VMs and rich Linux feature support.
- Others view the sandbox market as crowded, question whether yet another Firecracker-based platform is differentiated, or argue SaaS sandboxes should be open source/local.
- Some say they can approximate similar behavior with self-hosted Firecracker, Proxmox, or warm VM pools; Freestyle argues the real value appears at hundreds–thousands of VMs.
- Multiple commenters find the marketing unclear, especially around git hosting and concrete use cases, and ask for clearer documentation and comparison matrices.